PAM touching shadow?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I've been fighting with this problem for a few weeks now, and I think I've at least narrowed it down to a package. I am using the SNARE auditing package to monitor activity on machines attached to a local network; a requirement by the government organization we work with. Unfortunately, however, our workstations running xscreensaver have SNARE reporting that the (non-root) logged-in user unsuccessfully attempts to touch the /etc/shadow file, with timestamps that correspond to the exact times that the user unlocks the window via xscreensaver.

I have narrowed it down to PAM (I think), as I've recompiled xscreensaver with absolutely no passwd references; only the PAM libraries compiled in, and the problem still presents itself. Does anyone know if PAM is making this call at some point, and if so, what is the reason behind it? Is PAM just doing a sanity permission check on the shadow file?

Any input (other than ignoring the error, which is unacceptable to our sponsors) would be appreciated.

Regards,
Eric

P.S. -- System is RH 9 Stable, updates current as of 7-12-04.

*********************************************************************
Eric Reischer                                 emr@xxxxxxxxxxxxxxx
"The greater our knowledge increases,
the greater our ignorance unfolds." -- John F. Kennedy
*********************************************************************


_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux